From theall at tenable.com Fri Sep 7 09:22:04 2012
From: theall at tenable.com (George A. Theall)
Date: Fri, 7 Sep 2012 10:22:04 -0400
Subject: [VIM] MobileCartly 'savepage.php' Arbitrary File Create Vulnerability
Message-ID: <29181B4E-BDC1-48FF-B528-1842B8BC9BCE@tenable.com>

SecurityFocus created BID 55399 earlier this week based on a Metasploit module from sinn3r. Can anyone (Rob?) explain how this BID differs from 54970, which was created in August? Other than differences in whitespace, the exploits in both BIDs are identical; eg,

http://downloads.securityfocus.com/vulnerabilities/exploits/54970.rb
http://downloads.securityfocus.com/vulnerabilities/exploits/55399.rb

George
--
theall at tenable.com

From venkat_kantha at securityfocus.com Mon Sep 10 07:44:17 2012
From: venkat_kantha at securityfocus.com (venkat)
Date: Mon, 10 Sep 2012 18:14:17 +0530
Subject: [VIM] MobileCartly 'savepage.php' Arbitrary File Create Vulnerability
In-Reply-To: <29181B4E-BDC1-48FF-B528-1842B8BC9BCE@tenable.com>
References: <29181B4E-BDC1-48FF-B528-1842B8BC9BCE@tenable.com>
Message-ID: <504DE0A1.8060906@securityfocus.com>

Hey George,

This was an error on our part, the duplicate has been removed.

Thanks for pointing it out.

--Venkat

On 07/09/12 19:52, George A. Theall wrote:
> SecurityFocus created BID 55399 earlier this week based on a Metasploit module from sinn3r. Can anyone (Rob?) explain how this BID differs from 54970, which was created in August? Other than differences in whitespace, the exploits in both BIDs are identical; eg,
>
> http://downloads.securityfocus.com/vulnerabilities/exploits/54970.rb
> http://downloads.securityfocus.com/vulnerabilities/exploits/55399.rb
>
>
> George
>

From theall at tenable.com Mon Sep 10 20:52:34 2012
From: theall at tenable.com (George A. Theall)
Date: Mon, 10 Sep 2012 21:52:34 -0400
Subject: [VIM] MobileCartly 'savepage.php' Arbitrary File Create Vulnerability
In-Reply-To: <504DE0A1.8060906@securityfocus.com>
References: <29181B4E-BDC1-48FF-B528-1842B8BC9BCE@tenable.com> <504DE0A1.8060906@securityfocus.com>
Message-ID:

On Sep 10, 2012, at 8:44 AM, venkat wrote:

>
> Hey George,
>
> This was an error on our part, the duplicate has been removed.
>
> Thanks for pointing it out.

And another -- BID 55477 was created today for a SQL injection in the RokModule component for Joomla!, presumably related to EDB-ID 21221. The new BID references CVE-2010-1479, as does the Exploit DB advisory. Yet that CVE references BID 39378, which appears to cover the same issue. Thoughts?

>
>
> --Venkat
>
>
> On 07/09/12 19:52, George A. Theall wrote:
>> SecurityFocus created BID 55399 earlier this week based on a Metasploit module from sinn3r. Can anyone (Rob?) explain how this BID differs from 54970, which was created in August? Other than differences in whitespace, the exploits in both BIDs are identical; eg,
>>
>> http://downloads.securityfocus.com/vulnerabilities/exploits/54970.rb
>> http://downloads.securityfocus.com/vulnerabilities/exploits/55399.rb
>>
>>
>> George
>>
>

George
--
theall at tenable.com

From venkat_kantha at securityfocus.com Tue Sep 11 09:26:08 2012
From: venkat_kantha at securityfocus.com (venkat)
Date: Tue, 11 Sep 2012 19:56:08 +0530
Subject: [VIM] MobileCartly 'savepage.php' Arbitrary File Create Vulnerability
In-Reply-To:
References: <29181B4E-BDC1-48FF-B528-1842B8BC9BCE@tenable.com> <504DE0A1.8060906@securityfocus.com>
Message-ID: <504F4A00.2010605@securityfocus.com>

Hey,

Both the issues are different. The one created yesterday (BID 55477) is affecting a different parameter ('module'). BID 39378 is for 'moduleid' parameter.

You are right CVE-2010-1479 should go for BID 39378, it was incorrectly added to yesterday's BID.

We have updated both the BIDs accordingly.

Thank you once again :)

Regards
Venkat

On 11/09/12 07:22, George A. Theall wrote:
>
> On Sep 10, 2012, at 8:44 AM, venkat wrote:
>
>>
>> Hey George,
>>
>> This was an error on our part, the duplicate has been removed.
>>
>> Thanks for pointing it out.
>
> And another -- BID 55477 was created today for a SQL injection in the RokModule component for Joomla!, presumably related to EDB-ID 21221. The new BID references CVE-2010-1479, as does the Exploit DB advisory. Yet that CVE references BID 39378, which appears to cover the same issue. Thoughts?
>
>>
>>
>> --Venkat
>>
>>
>> On 07/09/12 19:52, George A. Theall wrote:
>>> SecurityFocus created BID 55399 earlier this week based on a Metasploit module from sinn3r. Can anyone (Rob?) explain how this BID differs from 54970, which was created in August? Other than differences in whitespace, the exploits in both BIDs are identical; eg,
>>>
>>> http://downloads.securityfocus.com/vulnerabilities/exploits/54970.rb
>>> http://downloads.securityfocus.com/vulnerabilities/exploits/55399.rb
>>>
>>>
>>> George
>>>
>>
>
> George
>

From jericho at attrition.org Thu Sep 13 15:55:14 2012
From: jericho at attrition.org (security curmudgeon)
Date: Thu, 13 Sep 2012 15:55:14 -0500 (CDT)
Subject: [VIM] BID 51273 bad date (fwd)
Message-ID:

This is still showing 2012-12-29 as disclosure date.

---------- Forwarded message ----------
From: security curmudgeon
To: vuldb at securityfocus.com
Date: Mon, 25 Jun 2012 19:24:45 -0500 (CDT)
Subject: BID 51273 bad date

Pligg CMS 'status' Parameter SQL Injection Vulnerability
2012-12-29
http://www.securityfocus.com/bid/51273

From jericho at attrition.org Thu Sep 13 16:03:38 2012
From: jericho at attrition.org (security curmudgeon)
Date: Thu, 13 Sep 2012 16:03:38 -0500 (CDT)
Subject: [VIM] BID 52154 / 51925 - possible dupes
Message-ID:

Both unspecified MySQL, credit Intervydis in one, VulnDisco in other.
Both are upgrade to 5.5.20, etc.

From venkat_kantha at securityfocus.com Fri Sep 14 13:01:17 2012
From: venkat_kantha at securityfocus.com (venkat)
Date: Fri, 14 Sep 2012 23:31:17 +0530
Subject: [VIM] BID 52154 / 51925 - possible dupes
In-Reply-To:
References:
Message-ID: <505370ED.7080609@securityfocus.com>

Hi,

You are right, 52154 is a duplicate of 51925. We have retired that duplicate.

Thanks for the notification.

Regards
Venkat

On 14/09/12 02:33, security curmudgeon wrote:
>
> Both unspecified MySQL, credit Intervydis in one, VulnDisco in other.
> Both are upgrade to 5.5.20, etc.

From jericho at attrition.org Sat Sep 15 16:46:46 2012
From: jericho at attrition.org (security curmudgeon)
Date: Sat, 15 Sep 2012 16:46:46 -0500 (CDT)
Subject: [VIM] CVE assignments for Aug 2012 Oracle?
Message-ID:

Three of the recent Oracle advisories don't have CVE, and there doesn't appear to be a way to affiliate with the Oracle advisory as you provide details, but they do not. Any help?

http://www.zerodayinitiative.com/advisories/ZDI-12-152/
http://www.zerodayinitiative.com/advisories/ZDI-12-151/
http://www.zerodayinitiative.com/advisories/ZDI-12-150/

Thanks!

From jericho at attrition.org Sun Sep 16 12:26:32 2012
From: jericho at attrition.org (security curmudgeon)
Date: Sun, 16 Sep 2012 12:26:32 -0500 (CDT)
Subject: [VIM] CVE assignments for a couple Feb/Mar 2012 Oracle?
Message-ID:

Hey ZDI;

A couple more that don't have enough information to line them up to Oracle's advisory. Could you inquire with Oracle which CVEs were assigned to these two?

http://www.zerodayinitiative.com/advisories/ZDI-12-037/
http://www.zerodayinitiative.com/advisories/ZDI-12-045/

Thanks!

From zdi-disclosures at tippingpoint.com Mon Sep 17 09:02:27 2012
From: zdi-disclosures at tippingpoint.com (ZDI Disclosures)
Date: Mon, 17 Sep 2012 14:02:27 +0000
Subject: [VIM] CVE assignments for Aug 2012 Oracle?
In-Reply-To:
References:
Message-ID: <04F9AFDCA6560B42B91DB1A429B7D0DE0553C5D1@G1W3778.americas.hpqcorp.net>

Hello,

We did not receive a CVE from Oracle when they provided the advisory links for the below disclosures. I have asked them if any of the CVEs in the advisory link relate specifically to our cases. I will let you know what I find out.

Regards,
The ZDI Team

-----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org]
Sent: Saturday, September 15, 2012 4:47 PM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: CVE assignments for Aug 2012 Oracle?

Three of the recent Oracle advisories don't have CVE, and there doesn't appear to be a way to affiliate with the Oracle advisory as you provide details, but they do not. Any help?

http://www.zerodayinitiative.com/advisories/ZDI-12-152/
http://www.zerodayinitiative.com/advisories/ZDI-12-151/
http://www.zerodayinitiative.com/advisories/ZDI-12-150/

Thanks!

From zdi-disclosures at tippingpoint.com Mon Sep 17 09:03:24 2012
From: zdi-disclosures at tippingpoint.com (ZDI Disclosures)
Date: Mon, 17 Sep 2012 14:03:24 +0000
Subject: [VIM] CVE assignments for a couple Feb/Mar 2012 Oracle?
In-Reply-To:
References:
Message-ID: <04F9AFDCA6560B42B91DB1A429B7D0DE0553C5DE@G1W3778.americas.hpqcorp.net>

These particular cases Oracle confirmed earlier that they did not assign CVEs to them and won't do so once published.

Regards,
The ZDI Team

-----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org]
Sent: Sunday, September 16, 2012 12:27 PM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: CVE assignments for a couple Feb/Mar 2012 Oracle?

Hey ZDI;

A couple more that don't have enough information to line them up to Oracle's advisory. Could you inquire with Oracle which CVEs were assigned to these two?

http://www.zerodayinitiative.com/advisories/ZDI-12-037/
http://www.zerodayinitiative.com/advisories/ZDI-12-045/

Thanks!

From Narayan_Agarwalla at symantec.com Thu Sep 20 11:35:24 2012
From: Narayan_Agarwalla at symantec.com (Narayan Agarwalla)
Date: Thu, 20 Sep 2012 09:35:24 -0700
Subject: [VIM] Could not find some ZDI-CAN-XXXX is pointing to which ZDI advisory
Message-ID: <96CC6D276D1CC043905F0666B28DA2CB2A26EB102F@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>

Hi ZDI team

I came across a HP advisory link.

http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03489683&ac.admitted=1348156050286.876444892.199480143

In this advisory, HP are pointing

CVE-2012-3259 to ZDI-CAN-1461
CVE-2012-3260 to ZDI-CAN-1462
CVE-2012-3261 to ZDI-CAN-1463
CVE-2012-3262 to ZDI-CAN-1464
CVE-2012-3263 to ZDI-CAN-1465
CVE-2012-3264 to ZDI-CAN-1472

Is ZDI-CAN-1461, ZDI-CAN-1462, ZDI-CAN-1463, ZDI-CAN-1464, ZDI-CAN-1465, ZDI-CAN-1465, ZDI-CAN-1472 same as ZDI-12-173, ZDI-12-174, ZDI-12-175, ZDI-12-176, ZDI-12-177, ZDI-12-178 advisories?

Thanks!

From zdi-disclosures at tippingpoint.com Thu Sep 20 14:46:02 2012
From: zdi-disclosures at tippingpoint.com (ZDI Disclosures)
Date: Thu, 20 Sep 2012 19:46:02 +0000
Subject: [VIM] Could not find some ZDI-CAN-XXXX is pointing to which ZDI advisory
In-Reply-To: <96CC6D276D1CC043905F0666B28DA2CB2A26EB102F@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>
References: <96CC6D276D1CC043905F0666B28DA2CB2A26EB102F@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>
Message-ID: <04F9AFDCA6560B42B91DB1A429B7D0DE0553C7E0@G1W3778.americas.hpqcorp.net>

The following are the list of published advisories mapping to the ZDI-CAN numbers noted below

zdi-12-177
zdi-12-176
zdi-12-173
zdi-12-175
zdi-12-174
zdi-12-166

Regards
The ZDI Team

From: Narayan Agarwalla [mailto:Narayan_Agarwalla at symantec.com]
Sent: Thursday, September 20, 2012 11:35 AM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: [VIM] Could not find some ZDI-CAN-XXXX is pointing to which ZDI advisory

Hi ZDI team

I came across a HP advisory link.

http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03489683&ac.admitted=1348156050286.876444892.199480143

In this advisory, HP are pointing

CVE-2012-3259 to ZDI-CAN-1461
CVE-2012-3260 to ZDI-CAN-1462
CVE-2012-3261 to ZDI-CAN-1463
CVE-2012-3262 to ZDI-CAN-1464
CVE-2012-3263 to ZDI-CAN-1465
CVE-2012-3264 to ZDI-CAN-1472

Is ZDI-CAN-1461, ZDI-CAN-1462, ZDI-CAN-1463, ZDI-CAN-1464, ZDI-CAN-1465, ZDI-CAN-1465, ZDI-CAN-1472 same as ZDI-12-173, ZDI-12-174, ZDI-12-175, ZDI-12-176, ZDI-12-177, ZDI-12-178 advisories?

Thanks!

From Narayan_Agarwalla at symantec.com Thu Sep 20 15:04:56 2012
From: Narayan_Agarwalla at symantec.com (Narayan Agarwalla)
Date: Thu, 20 Sep 2012 13:04:56 -0700
Subject: [VIM] Could not find some ZDI-CAN-XXXX is pointing to which ZDI advisory
In-Reply-To: <04F9AFDCA6560B42B91DB1A429B7D0DE0553C7E0@G1W3778.americas.hpqcorp.net>
References: <96CC6D276D1CC043905F0666B28DA2CB2A26EB102F@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM> <04F9AFDCA6560B42B91DB1A429B7D0DE0553C7E0@G1W3778.americas.hpqcorp.net>
Message-ID: <96CC6D276D1CC043905F0666B28DA2CB2A26EB10A9@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>

Hi ZDI Team,

The HP advisory says ZDI-CAN-1472 issue is related to HP SiteScope SOAP Security Issues whereas according to your mapping it matches with HP LeftHand Virtual SAN Appliance issue. Any help how is that possible?

Thanks!

-----Original Message-----
From: ZDI Disclosures [mailto:zdi-disclosures at tippingpoint.com]
Sent: Friday, September 21, 2012 1:16 AM
To: Narayan Agarwalla
Cc: vim at attrition.org
Subject: RE: [VIM] Could not find some ZDI-CAN-XXXX is pointing to which ZDI advisory

* PGP Signed by an unknown key

The following are the list of published advisories mapping to the ZDI-CAN numbers noted below

zdi-12-177
zdi-12-176
zdi-12-173
zdi-12-175
zdi-12-174
zdi-12-166

Regards
The ZDI Team

From: Narayan Agarwalla [mailto:Narayan_Agarwalla at symantec.com]
Sent: Thursday, September 20, 2012 11:35 AM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: [VIM] Could not find some ZDI-CAN-XXXX is pointing to which ZDI advisory

Hi ZDI team

I came across a HP advisory link.

http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03489683&ac.admitted=1348156050286.876444892.199480143

In this advisory, HP are pointing

CVE-2012-3259 to ZDI-CAN-1461
CVE-2012-3260 to ZDI-CAN-1462
CVE-2012-3261 to ZDI-CAN-1463
CVE-2012-3262 to ZDI-CAN-1464
CVE-2012-3263 to ZDI-CAN-1465
CVE-2012-3264 to ZDI-CAN-1472

Is ZDI-CAN-1461, ZDI-CAN-1462, ZDI-CAN-1463, ZDI-CAN-1464, ZDI-CAN-1465, ZDI-CAN-1465, ZDI-CAN-1472 same as ZDI-12-173, ZDI-12-174, ZDI-12-175, ZDI-12-176, ZDI-12-177, ZDI-12-178 advisories?

Thanks!

* Unknown Key
* 0x93A35B1C(L)

From theall at tenable.com Thu Sep 27 13:26:48 2012
From: theall at tenable.com (George A. Theall)
Date: Thu, 27 Sep 2012 14:26:48 -0400
Subject: [VIM] OPTIMA PLC Multiple Denial of Service Vulnerabilities
Message-ID: <31DC5E04-B4FD-492A-A8CB-33D2C8D1752E@tenable.com>

Venkat or Rob, can you explain what the differences are between the newly issued BID 55712 and 50658, from last year? Both concern null pointer and endless loop vulnerabilities in Optima APIFTP Server discovered by Luigi Auriemma.

George
--
theall at tenable.com